Favorite your Message Center and Roadmap items. Access them anytime via your Profile. Export and share with your team or your LLM.

(Updated) Microsoft Edge for Business: Cross-tenant support using Intune Mobile Application Management (MAM)

Message ID
MC1255405
View in Message Center
Service
Microsoft 365 suite
Category
Plan for Change
Tags
Major Change New featureAdmin impact
Rollout
February 2026March 2026April 2026
Roadmap ID
557187
View in M365 Roadmap
Platform
Web

Summary

Microsoft Edge for Business now supports cross-tenant Intune Mobile Application Management (MAM) policies, enabling data protection on devices managed by different tenants. This opt-in feature enforces app protection, redirects downloads to OneDrive, and activates leak controls, enhancing security for contractors and partners without disrupting users.

Details

Updated April 13, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

Microsoft Edge for Business now supports cross-tenant Intune Mobile Application Management (MAM) policies. This update allows organizations to apply Intune App Protection Policies to Edge work profiles even when the device is managed by another tenant. This capability helps protect corporate data in cross-tenant scenarios such as contractors, partners, or mergers, without requiring additional device enrollment or disrupting the end-user experience.

This message is associated with Microsoft 365 Roadmap ID 557187.

[When this will happen:]

  • Public Preview (Worldwide): We will begin rolling out mid-February 2026 and expect to complete by early April 2026.
  • General Availability (Worldwide): We will begin rolling out late April 2026 (previously early April) and expect to complete by end of April 2026 (previously mid-April).

[How this affects your organization:]

Who is affected:

  • Organizations using Microsoft Edge for Business
  • Admins configuring Intune App Protection Policies 
  • Users accessing corporate data on devices managed by another tenant

What will happen:

  • This feature is off by default and opt-in only
  • Intune MAM policies are enforced within the Edge work profile
  • When enabled, protected downloads are redirected to OneDrive for Business instead of local storage, and leak controls for screenshots and DevTools activate when data protection settings are applied.
  • This approach secures cross-tenant scenarios like contractors or mergers without requiring additional apps or disrupting the user experience.
  • No impact to personal browsing or unmanaged profiles

[What you can do to prepare:]

No action is required before rollout.

  • Review existing Intune App Protection Policies
  • Determine whether to enable cross-tenant MAM for Edge
  • Notify security and helpdesk teams as appropriate
  • Update internal documentation if needed

Learn more: Cross-tenant support using Intune MAM | Microsoft Learn

[Compliance considerations:]

Compliance area impacted Explanation
Customer data storage When protected downloads are enabled by the admin, downloads are redirected to OneDrive for Business instead of local storage, changing where corporate data is stored.
Processing and access of existing customer data Corporate data accessed through Edge work profiles is processed under Intune App Protection Policies even when the device is managed by another tenant.
Tenant-to-tenant interaction This change enables cross-tenant enforcement of Intune MAM policies, allowing one tenant to govern data protection on devices managed by another tenant.
Data Loss Prevention (Purview) Intune MAM leak controls such as clipboard restrictions, screenshot protection, and DevTools blocking are enforced within the Edge work profile.
Admin controls The capability is opt-in and controlled through Intune App Protection Policies, allowing admins to decide whether and how cross-tenant MAM enforcement applies.

Change History

Show
Published: March 18, 2026
Last Updated: April 13, 2026
April 13, 2026 at 10:31 PM Updated
Title
Previous
Microsoft Edge for Business: Cross-tenant support using Intune Mobile Application Management (MAM)
New
(Updated) Microsoft Edge for Business: Cross-tenant support using Intune Mobile Application Management (MAM)
Summary
Previous
Microsoft Edge for Business will support cross-tenant Intune Mobile Application Management (MAM) policies, enabling data protection on devices managed by different tenants. This opt-in feature, rolling out from February to April 2026, secures corporate data without extra enrollment or disrupting user experience.
New
Microsoft Edge for Business now supports cross-tenant Intune Mobile Application Management (MAM) policies, enabling data protection on devices managed by different tenants. This opt-in feature enforces app protection, redirects downloads to OneDrive, and activates leak controls, enhancing security for contractors and partners without disrupting users.
Last Updated Date
Previous
2026-03-18T22:29:29.650Z
New
2026-04-13T21:27:44.247Z
Tags
Previous
New feature,Admin impact
New
Updated message,New feature,Admin impact
Body Content
Previous

[Introduction]

Microsoft Edge for Business now supports cross-tenant Intune Mobile Application Management (MAM) policies. This update allows organizations to apply Intune App Protection Policies to Edge work profiles even when the device is managed by another tenant. This capability helps protect corporate data in cross-tenant scenarios such as contractors, partners, or mergers, without requiring additional device enrollment or disrupting the end-user experience.

This message is associated with Microsoft 365 Roadmap ID 557187.

[When this will happen:]

  • Public Preview (Worldwide): We will begin rolling out mid-February 2026 and expect to complete by early April 2026.
  • General Availability (Worldwide): We will begin rolling out early April 2026 and expect to complete by mid-April 2026.

[How this affects your organization:]

Who is affected:

  • Organizations using Microsoft Edge for Business
  • Admins configuring Intune App Protection Policies 
  • Users accessing corporate data on devices managed by another tenant

What will happen:

  • This feature is off by default and opt-in only
  • Intune MAM policies are enforced within the Edge work profile
  • When enabled, protected downloads are redirected to OneDrive for Business instead of local storage, and leak controls for screenshots and DevTools activate when data protection settings are applied.
  • This approach secures cross-tenant scenarios like contractors or mergers without requiring additional apps or disrupting the user experience.
  • No impact to personal browsing or unmanaged profiles

[What you can do to prepare:]

No action is required before rollout.

  • Review existing Intune App Protection Policies
  • Determine whether to enable cross-tenant MAM for Edge
  • Notify security and helpdesk teams as appropriate
  • Update internal documentation if needed

Learn more: Cross-tenant support using Intune MAM | Microsoft Learn

[Compliance considerations:]

Compliance area impacted Explanation
Customer data storage When protected downloads are enabled by the admin, downloads are redirected to OneDrive for Business instead of local storage, changing where corporate data is stored.
Processing and access of existing customer data Corporate data accessed through Edge work profiles is processed under Intune App Protection Policies even when the device is managed by another tenant.
Tenant-to-tenant interaction This change enables cross-tenant enforcement of Intune MAM policies, allowing one tenant to govern data protection on devices managed by another tenant.
Data Loss Prevention (Purview) Intune MAM leak controls such as clipboard restrictions, screenshot protection, and DevTools blocking are enforced within the Edge work profile.
Admin controls The capability is opt-in and controlled through Intune App Protection Policies, allowing admins to decide whether and how cross-tenant MAM enforcement applies.
New

Updated April 13, 2026: We have updated the timeline. Thank you for your patience. 

[Introduction]

Microsoft Edge for Business now supports cross-tenant Intune Mobile Application Management (MAM) policies. This update allows organizations to apply Intune App Protection Policies to Edge work profiles even when the device is managed by another tenant. This capability helps protect corporate data in cross-tenant scenarios such as contractors, partners, or mergers, without requiring additional device enrollment or disrupting the end-user experience.

This message is associated with Microsoft 365 Roadmap ID 557187.

[When this will happen:]

  • Public Preview (Worldwide): We will begin rolling out mid-February 2026 and expect to complete by early April 2026.
  • General Availability (Worldwide): We will begin rolling out late April 2026 (previously early April) and expect to complete by end of April 2026 (previously mid-April).

[How this affects your organization:]

Who is affected:

  • Organizations using Microsoft Edge for Business
  • Admins configuring Intune App Protection Policies 
  • Users accessing corporate data on devices managed by another tenant

What will happen:

  • This feature is off by default and opt-in only
  • Intune MAM policies are enforced within the Edge work profile
  • When enabled, protected downloads are redirected to OneDrive for Business instead of local storage, and leak controls for screenshots and DevTools activate when data protection settings are applied.
  • This approach secures cross-tenant scenarios like contractors or mergers without requiring additional apps or disrupting the user experience.
  • No impact to personal browsing or unmanaged profiles

[What you can do to prepare:]

No action is required before rollout.

  • Review existing Intune App Protection Policies
  • Determine whether to enable cross-tenant MAM for Edge
  • Notify security and helpdesk teams as appropriate
  • Update internal documentation if needed

Learn more: Cross-tenant support using Intune MAM | Microsoft Learn

[Compliance considerations:]

Compliance area impacted Explanation
Customer data storage When protected downloads are enabled by the admin, downloads are redirected to OneDrive for Business instead of local storage, changing where corporate data is stored.
Processing and access of existing customer data Corporate data accessed through Edge work profiles is processed under Intune App Protection Policies even when the device is managed by another tenant.
Tenant-to-tenant interaction This change enables cross-tenant enforcement of Intune MAM policies, allowing one tenant to govern data protection on devices managed by another tenant.
Data Loss Prevention (Purview) Intune MAM leak controls such as clipboard restrictions, screenshot protection, and DevTools blocking are enforced within the Edge work profile.
Admin controls The capability is opt-in and controlled through Intune App Protection Policies, allowing admins to decide whether and how cross-tenant MAM enforcement applies.

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

Explore Dashboard Sign Up Free